Archive for the ‘Solaris x86’ Category

Flush DNS resolver cache on OS X, Linux, Solaris and Windows

Wednesday, October 21st, 2009

OS X: dscacheutil -flushcache

Linux (CentOS, RHEL): /sbin/service nscd restart

Solaris: ps -eaf|grep nscd

kill -9 PID   ### PID is process ID from the previous step

/usr/sbin/nscd

Windows (from command line of course): ipconfig /flushdns (run ipconfig /displaydns to view the DNS resolver cache)

rsync over ssh

Wednesday, October 21st, 2009

This example shows how to rsync files over ssh, running rsync on the destination host (the local side pulls from the remote host):

rsync -avz -e ssh remote_user@remote_host:/remote/dir /local/dir/

In this case you'd have to enter remote_user's password. If you run rsync on a regular basis, create an ssh key pair with no passphrase and copy the public key to the .ssh/authorized_keys file of the remote user you connect as on the remote host.

You can also copy multiple files or directories from the remote host in one run (with rsync 3.0.0 or later, a later source argument starting with a colon refers to the same remote host):

rsync -avz -e ssh remote_host:/remote_dir/file1 :/remote_dir2/file2 /local/dir

Meaning of options used (from rsync man page):

-a, --archive               archive mode; same as -rlptgoD (no -H)

-z, --compress              compress file data during the transfer

-v, --verbose               increase verbosity

-e, --rsh=COMMAND           specify the remote shell to use
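The passphrase-less key the post recommends for unattended rsync deserves a restriction, so that if the private key is ever copied off the client it cannot be used for an interactive shell or for writing to the server. The wrapper below is an added example, not part of the original post: it is installed as a forced command (command="..." in authorized_keys) and only executes the read-only rsync server invocation that a pull from the permitted directory produces. The script path /usr/local/bin/rsync-only.sh, the directory /remote/dir, the client address 192.0.2.10 and the function names are assumptions.

```shell
#!/bin/sh
# rsync-only.sh: forced-command wrapper for an unattended rsync ssh key.
# Assumed authorized_keys entry on the remote host (constructed example):
#   from="192.0.2.10",command="/usr/local/bin/rsync-only.sh /remote/dir",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA... backup@client
# sshd ignores the command the client asked for, runs this script instead, and
# exposes the client's request in $SSH_ORIGINAL_COMMAND.

# allow_rsync_only DIR CMD
# Returns 0 only if CMD is the server side of a read-only rsync pull from DIR
# (rsync -avz -e ssh host:DIR ... makes the client request
# "rsync --server --sender <options> . DIR"). Everything else is refused.
allow_rsync_only() {
  dir=${1%/}   # normalise a trailing slash so DIR and DIR/ compare the same
  cmd=$2
  # Refuse shell metacharacters and parent-directory references outright.
  case $cmd in
    *';'*|*'|'*|*'&'*|*'`'*|*'$'*|*'('*|*'>'*|*'<'*|*'..'*) return 1 ;;
  esac
  # Accept only sender (read-only) mode rooted at DIR; a missing --sender
  # would mean the client is pushing into DIR, which this key must not do.
  case $cmd in
    "rsync --server --sender -"*" . $dir"|"rsync --server --sender -"*" . $dir/"*) return 0 ;;
  esac
  return 1
}

# rsync_forced_command DIR: entry point used from authorized_keys.
rsync_forced_command() {
  if allow_rsync_only "$1" "${SSH_ORIGINAL_COMMAND:-}"; then
    set -f                        # no globbing while the command is split
    exec $SSH_ORIGINAL_COMMAND    # word-split on purpose; metacharacters were rejected above
  fi
  # Refusals go to the auth log so they can be alerted on.
  logger -p auth.warning -t rsync-only \
    "refused command from ${SSH_CLIENT%% *}: ${SSH_ORIGINAL_COMMAND:-<none>}"
  echo "This key only permits rsync reads of $1" >&2
  exit 1
}

# Act only when sshd invoked us (SSH_ORIGINAL_COMMAND is set in the
# environment) with the permitted directory as the single argument.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ] && [ $# -eq 1 ]; then
  rsync_forced_command "$1"
fi
```

The exact option string rsync sends (for example -vlogDtprze.iLsfxCIvu) varies between versions, which is why the wrapper matches on the fixed prefix and the directory rather than on the options. Pair the command= restriction with from= so the key is also useless from any host other than the backup client.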

multiple domains in one reverse zone

Monday, October 12th, 2009

This is a quick and dirty way to jam all your subnets into one BIND zone. It is not the recommended way to run DNS, but if you are in a hurry and want DNS working in your organization quickly without spending much time setting up zones and name servers, you can get them working in one zone. Forward requests are typically not a problem and resolve fine when multiple subnets are in one zone file. The problem is with reverse records, and you can get those to work in one zone file if you name your reverse zone in-addr.arpa. Read more below:

After you create your zones, check them with named-checkzone and correct any errors. If you get an error similar to: Jan 17 15:07:56 r2d2 named[4499]: mydomain.in-addr.arpa:326: ignoring out-of-zone data (21.161.27.172.in-addr.arpa)
that is because your zone is not considered authoritative for the PTR records you are trying to put in it. To define a correct PTR zone, choose one of the following zones (example domain is 192.22.239.x):

zone "139.239.22.195.in-addr.arpa" IN {} (recommended)
zone "239.22.195.in-addr.arpa" IN {}
zone "22.195.in-addr.arpa" IN {}
zone "195.in-addr.arpa" IN {}
zone "in-addr.arpa" IN {}  // this could take almost any number of domains in one zone
zone "arpa" IN {} (discouraged)

Of course, putting multiple PTR zones into one zone is not really recommended and should probably be used only for internal DNS.

Correct PTR zone template:

$TTL 60
in-addr.arpa. IN  SOA c3po.myzone.zone. root.c3po.myzone.zone. (
2007011703      ; serial, today's date + today's serial #
10800           ; refresh, seconds
3600            ; retry, seconds
604800          ; expire, seconds
3600 )          ; negative caching TTL, seconds

in-addr.arpa.  IN NS  c3po.myzone.zone.
101.111.170.10.in-addr.arpa. IN PTR     c3po.myzone.zone.
15.24.24.10.in-addr.arpa.    IN PTR    net1.myzone.zone.
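To make the out-of-zone error concrete, here is an added example (not from the original post) of a few POSIX sh helpers: they build the PTR owner name for an address, pick the in-addr.arpa zone for a /8, /16 or /24 block, and test whether a PTR owner falls inside a given zone, which is the test named applies when it logs "ignoring out-of-zone data". The sample zone data is constructed from the two PTR records in the template above; the function names and the SAMPLE_PTRS variable are my own.

```shell
#!/bin/sh
# Helpers for reasoning about reverse (in-addr.arpa) zones. Added example,
# not part of the original post; function names are assumptions.
set -f   # addresses and names never need globbing

# ptr_owner IP -> owner name of the PTR record for IP,
# e.g. 10.24.24.15 -> 15.24.24.10.in-addr.arpa.
ptr_owner() {
  old_ifs=$IFS; IFS=.
  set -- $1                       # split the address on dots
  IFS=$old_ifs
  printf '%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$3" "$2" "$1"
}

# reverse_zone NETWORK PREFIXLEN -> zone that is authoritative for the block
# (only /8, /16, /24 are handled; smaller blocks need RFC 2317 delegation)
reverse_zone() {
  old_ifs=$IFS; IFS=.
  set -- $1 $2                    # $1..$4 octets, $5 prefix length
  IFS=$old_ifs
  case $5 in
    8)  printf '%s.in-addr.arpa\n' "$1" ;;
    16) printf '%s.%s.in-addr.arpa\n' "$2" "$1" ;;
    24) printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1" ;;
    *)  echo "reverse_zone: unsupported prefix length $5" >&2; return 1 ;;
  esac
}

# in_zone NAME ZONE -> 0 if NAME is ZONE itself or lies below it
# (trailing dots optional)
in_zone() {
  name=${1%.}; zone=${2%.}
  case $name in
    "$zone"|*".$zone") return 0 ;;
  esac
  return 1
}

# out_of_zone ZONE < zonefile -> prints each PTR owner that ZONE is not
# authoritative for; named logs "ignoring out-of-zone data" for exactly these.
out_of_zone() {
  zone=$1
  while read -r owner f2 f3 rest; do
    case $owner in ''|';'*|'$'*) continue ;; esac      # blank, comment, $TTL
    [ "$f2" = PTR ] || [ "$f3" = PTR ] || continue       # class field is optional
    in_zone "$owner" "$zone" || printf '%s\n' "$owner"
  done
}

# Constructed sample: the two PTR records from the template, as they would
# appear whichever zone name the file is loaded under.
SAMPLE_PTRS=$(cat <<'EOF'
$TTL 60
; SOA and NS lines omitted
101.111.170.10.in-addr.arpa. IN PTR     c3po.myzone.zone.
15.24.24.10.in-addr.arpa.    IN PTR    net1.myzone.zone.
EOF
)

# count_out_of_zone ZONE -> number of sample PTRs that ZONE would ignore
count_out_of_zone() {
  n=0
  for o in $(printf '%s\n' "$SAMPLE_PTRS" | out_of_zone "$1"); do n=$((n + 1)); done
  echo "$n"
}

# Loaded as "mydomain.in-addr.arpa" both records are refused (the error from
# the post); as "in-addr.arpa" both are accepted; a proper 24.24.10.in-addr.arpa
# zone accepts only net1's record.
```

Running count_out_of_zone with mydomain.in-addr.arpa, in-addr.arpa and 24.24.10.in-addr.arpa gives 2, 0 and 1 respectively, which is the whole story behind the error message: the PTR owner must end in the zone's own name. The helpers only decide ownership; still run named-checkzone on the real file before reloading, since it also catches syntax and SOA mistakes.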

Forward zone template:

$TTL 60
myzone.zone. IN  SOA c3po.myzone.zone. root.c3po.myzone.zone. (
2007011703      ; serial, today's date + today's serial #
10800           ; refresh, seconds
3600            ; retry, seconds
604800          ; expire, seconds
3600 )          ; negative caching TTL, seconds

myzone.zone.  IN  NS  c3po.myzone.zone.
localhost            IN  A     127.0.0.1
c3po.myzone.zone.    IN  A     10.170.111.101   ; address record for the NS name above

net1.myzone.zone.        IN  A    10.24.24.15

localzone template:

$TTL 60
0.0.127.in-addr.arpa. IN  SOA c3po.myzone.zone. root.c3po.myzone.zone. (
2007011703      ; serial, today's date + today's serial #
10800           ; refresh, seconds
3600            ; retry, seconds
604800          ; expire, seconds
3600 )          ; negative caching TTL, seconds

0.0.127.in-addr.arpa.  IN NS  c3po.myzone.zone.

1.0.0.127.in-addr.arpa.  IN PTR localhost.

/etc/named.conf template (for bind 9.2 and later)

options {
        directory "/var/named"; // the default

        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";
};

logging
{
        /*      If you want to enable debugging, e.g. using the 'rndc trace' command,
         *      named will try to write the 'named.run' file in the $directory (/var/named).
         *      By default, SELinux policy does not allow named to modify the /var/named directory,
         *      so put the default debug log file in data/ :
         */
        channel default_debug {
                file "data/named.run";
                severity  dynamic;
        };
};

zone "myzone.zone" in {
        type master;
        file "db.myzone";
};

zone "in-addr.arpa" in {
        type master;
        file "in-addr.arpa";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "named.local";
};

zone "." in {
        type hint;
        file "named.ca";
};

echo redirects with sudo don't work

Monday, October 12th, 2009

If you try something like sudo echo "This is test" >> /some/file_owned_by_root you'll get a "Permission denied" message.

The problem is that the redirection is performed by the shell of the user who initiated the echo command, not by root: sudo runs only echo, and the shell opens /some/file_owned_by_root as that user. In this case the user doesn't have permission to write to /some/file_owned_by_root.

The solution is to run:

sudo sh -c 'echo "This is test" >> /some/file_owned_by_root'

sh -c reads the commands from the string, so everything in it, the echo and the redirect, runs as root because sh itself was started by sudo.

"man sudo" also explains a similar use case:

To make a usage listing of the directories in the /home partition. Note that this runs the commands in a sub-shell to make the cd and file redirection work.

$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
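An added example, not from the original post: when the text to append comes from a variable rather than a fixed string, building a sh -c command string means the data is parsed by a root shell, so a safer habit is to keep the data on a pipe and let only tee run under sudo. The helper below does that; its name, the demo function and the SUDO variable (left empty so it can be exercised without privileges) are my own.

```shell
#!/bin/sh
# append_as_root LINE FILE: append LINE to a root-owned FILE.
# Only tee runs under sudo; LINE travels through the pipe as data and is
# never parsed by a shell, so quotes, $ and ; in it are appended literally.
# SUDO defaults to "sudo"; set it to an empty string to run unprivileged.
append_as_root() {
  printf '%s\n' "$1" | ${SUDO-sudo} tee -a "$2" >/dev/null
}

# last_line FILE: the most recently appended line (for checking the result).
last_line() {
  tail -n 1 "$1"
}

# line_count FILE: number of lines in FILE, without wc's padding.
line_count() {
  wc -l < "$1" | tr -d ' '
}

# demo_append_as_root: write two constructed lines to a temporary file
# without sudo and print the file's path. The second line contains the
# characters that would be trouble inside a sh -c string.
demo_append_as_root() {
  SUDO=
  tmp=$(mktemp) || return 1
  append_as_root 'This is test' "$tmp"
  append_as_root 'costs $5; "quoted" > not a redirect' "$tmp"
  echo "$tmp"
}
```

A side benefit for least privilege: a sudoers rule can allow exactly "tee -a /some/file_owned_by_root" for a given user, which is far narrower than allowing sh.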

disable anonymous logins on in.ftp, wu-ftp and similar ftp servers

Monday, October 12th, 2009

In the /etc/ftpaccess file add the line:

guestserver

Save and quit. From the ftpaccess man page:

guestserver [<hostname>]

Controls which hosts may be used for anonymous or guest access. If used without <hostname>, denies all guest or anonymous access to this site. More than one <hostname> may be specified. Guest and anonymous access will only be allowed on the named machines. If access is denied, the user will be asked to use the first <hostname> listed.

http://www.wu-ftpd.org/man/ftpaccess.html